On Thu, 2021-08-26 at 16:27 -0500, William Roberts wrote:
> On Thu, Aug 26, 2021 at 3:01 AM Tomas Mraz wrote:
> >
> > On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> > > Hello,
> > >
> > > I am trying to verify an HMAC signature with the code below and
> > > the
> > > EVP_DigestVerif
> > Don't forget to use CRYPTO_memcmp for comparing the HMACs, not regular
> > ol' memcmp.
>
> What's the rationale? The HMAC result isn't secret.
The _purported_ tag is public, but the _ground truth_ tag is not.
Indeed, that's the whole reason to use a constant time compare.
Otherwise, an attack
On Thu, Aug 26, 2021 at 3:01 AM Tomas Mraz wrote:
>
> On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> > Hello,
> >
> > I am trying to verify an HMAC signature with the code below and the
> > EVP_DigestVerifyInit()
> > routine is failing with "error:0608F096:digital envelope
> > routine
On 8/26/2021 5:35 AM, d0 wrote:
Don't forget to use CRYPTO_memcmp for comparing the HMACs, not regular
ol' memcmp.
What's the rationale? The HMAC result isn't secret.
Don't forget to use CRYPTO_memcmp for comparing the HMACs, not regular
ol' memcmp.
-Marian
On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> Hello,
>
> I am trying to verify an HMAC signature with the code below and the
> EVP_DigestVerifyInit()
> routine is failing with "error:0608F096:digital envelope
> routines:EVP_PKEY_verify_init:operation not supported for this
> keytype"
Hello,
I am trying to verify an HMAC signature with the code below and the
EVP_DigestVerifyInit()
routine is failing with "error:0608F096:digital envelope
routines:EVP_PKEY_verify_init:operation not supported for this
keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
ctx->pmeth-
